Module_7

MODULE 7

REGULATORY SANDBOX FOR FINTECH

Innovation facilitators, typically, take the form of ‘innovation hubs’ and ‘regulatory
sandboxes’. Innovation hubs provide a dedicated point of contact for firms to raise
enquiries with competent authorities on FinTech-related issues and to seek non-
binding guidance on regulatory and supervisory expectations, including licensing
requirements. Regulatory sandboxes, on the other hand, are schemes to enable firms
to test, pursuant to a specific testing plan agreed and monitored by a dedicated
function of the competent authority, innovative financial products, financial services
or business models.

These initiatives are designed to promote greater engagement between competent
authorities and firms about financial innovations with a view to enhancing firms’1
understanding of regulatory and supervisory expectations and increasing the
knowledge of competent authorities about innovations and the opportunities and risks
they present. Two main categories of innovation facilitator can be identified:

1. Innovation hubs: these provide a dedicated point of contact for firms to raise
enquiries with competent authorities on FinTech-related issues and to seek
non-binding guidance on the conformity of innovative financial products,
financial services or business models with licensing or registration
requirements and regulatory and supervisory expectations.

2. Regulatory sandboxes: these provide a scheme to enable firms to test, pursuant
to a specific testing plan agreed and monitored by a dedicated function of the
competent authority, innovative financial products, financial services or
business models. Sandboxes may also imply the use of legally provided
discretions by the relevant supervisor (with use depending on the relevant
applicable law).2 However, a point to note for sandboxes existing in countries
that are part of supranational organsiations such as the EU is that sandboxes

1 BCBS Sound Practices: Implications of FinTech for banks and bank supervisors <available at:
https://www.bis.org/bcbs/publ/d431.pdf>.
2 BCBS Sound Practices: Implications of FinTech for banks and bank supervisors <available at:
https://www.bis.org/bcbs/publ/d431.pdf>.

do not entail the disapplication of regulatory requirements that must be applied
as a result of EU law.

The rising sophistication of FinTech solutions is leading to increasing levels of risks.
In circumstances where it is unclear whether a new financial product or service
complies with existing banking standards, some financial institutions may err on the
side of caution, thereby, hindering innovation. Furthermore, every organisation is
trying to do pilots with dozens of FinTechs and managing the process is becoming
very complex. Indeed, a FinTech sandbox can help innovators overcome these
challenges.

A sandbox acts as a layer between the market and the ‘disruptors’ who get to test their
innovations and facilitates smooth collaboration between FinTech companies and
regulators. Additionally, regulators do not have to worry about creating a regulatory
framework as they can adopt a ‘trial and error’ method and take a response-based
approach towards creating a regulatory infrastructure to govern fintechs in.

Regulatory Sandboxes are efficient supervisory initiatives that can help manage the
financial innovations in the FinTech sector efficiently. They provide a ‘safe and
conducive space’ where FinTech solutions can be experimented with. It provides
measures to contain the fallout of the consequences in the event of a failure.3

7.1. Introduction

Regulatory Sandboxes were first tested by the regulators in UK, and have since been
adopted by several other jurisdictions. Regulators often implement different methods
to address financial innovation, such as establishment of innovation offices,
establishing mechanisms for FinTech firms to conduct trial operations, holding
innovation competitions, providing funding through business accelerators and
coordination with other domestic & international regulators. 4 One of the most
common methods used by regulators to address and test financial innovations are

3Max Ng and Amira Nabila Budiyano, Singapore’s Regulatory Sandbox and Where We Are Today,
Lexology<available at: https://www.lexology.com/library/detail.aspx?g=3ac2825c-2998-4fae-b450-
970839868e93>.
4 United Nations Secretary General’s Special Advocate or Inclusive Finance for Development
(UNSGSA) and the Markets Authority of Singapore (MAS), Early Lessons on Regulatory Innovations
to Enable Inclusive FinTech: Innovation Offices, Regulatory Sandboxes and RegTech<available at:
https://www.unsgsa.org/files/3515/5007/5518/UNSGSA_Report_2019_Final-compressed.pdf>.

‘Regulatory Sandboxes’. A regulatory sandbox allows for the creation of a conducive

and protected space, wherein novel financial innovations can be tested experimentally
at the edge, or even outside the existing regulatory framework.5 A regulatory sandbox

lowers the cost of innovation, reduces entry barriers, and enables regulators to collect
important insights before ascertaining whether further regulatory action is necessary.6

It allows for the formulation of regulations at a fast enough pace while giving

companies some breathing room – so that the best regulation practice may be arrived
at.7

With the RBI poised to release the basic guidelines and directives on an Indian
Regulatory Sandbox8 for FinTech9, there are several arguments to be made in favour
of such a move.10 A regulatory sandbox is a useful tool for the regulator and fintech

innovators for such situations where there is absence of governing regulations or

where there may be a need to modify existing regulations because the proposed

innovation shows the promise of ease to customers in a significant way. A regulatory

sandbox is a safe space which allows regulators to facilitate small-scale tests by

temporarily relaxing certain regulations to collect empirical evidence, while
containing risks. In the example above, under the regulatory sandbox framework11,

RBI can allow the app to be launched with farmers within certain limits and for a

specific period. At the end of the period, RBI will have the feedback on the utility of

this innovation and the risks arising from it. Technology and business models are

evolving rapidly and regulators may not have the opportunity or capacity to assess the

5 United Nations Secretary General’s Special Advocate or Inclusive Finance for Development
(UNSGSA), Briefing on Regulatory Sandboxes<available at:
https://www.unsgsa.org/files/1915/3141/8033/Sandbox.pdf>.
6Ivo Jenik and Kate Lauer, Regulatory Sandboxes and Financial Inclusion, CGAP Working Paper
(October 2017) <available at: https://www.cgap.org/sites/default/files/Working-Paper-Regulatory-
Sandboxes-Oct-2017.pdf>.
7 The Role of Regulatory Sandboxes in FinTech Innovation, FinExtra<available at:
https://www.finextra.com/blogposting/15759/the-role-of-regulatory-sandboxes-in-fintech-innovation>.
8 RBI, Draft Enabling Framework for Regulatory Sandbox <available at:
https://rbi.org.in/scripts/PublicationReportDetails.aspx?UrlPage=&ID=920>.
9 Abhijit Bhatlekar, RBI to Set up Regulatory Sandbox for FinTech Firms, LiveMint <available at:
https://www.livemint.com/industry/banking/rbi-to-set-up-regulatory-sandbox-for-fintech-firms-
1554525234668.html>.
10 PwC India, FinTech Regulatory Sandbox, <available at: https://www.pwc.in/consulting/financial-
services/fintech/fintech-insights/the-sandbox-approach.html>; Fin Extra, The Role of Regulatory
Sandboxes in FinTech Innovation, <available at: https://www.finextra.com/blogposting/15759/the-role-
of-regulatory-sandboxes-in-fintech-innovation>.
11 Abhijit Bhatlekar, RBI to Set up Regulatory Sandbox for FinTech Firms, LiveMint <available at:
https://www.livemint.com/industry/banking/rbi-to-set-up-regulatory-sandbox-for-fintech-firms-
1554525234668.html>.

true implications of many innovations, unless they are tested. Such small-scale tests
can provide the objective and time-bound evidence to the process of regulatory
decision-making.

This RBI framework is significant for the following reasons- First, it recognizes the
widespread impact of fintech innovation and acknowledges the need for “learning by
doing" by the regulator and other stakeholders in a collaborative manner. Second, it
reduces the primary dependence on industry consultations as an input to policy
making. Industry consultations are usually dominated by the larger incumbent players
and this process provides an equal platform to early-stage startups to engage with the
regulator. Third, it provides a structured and time-bound framework which should
reduce regulatory uncertainty around new products and improve time to market for
new innovations.12

Keeping the Indian scenario in mind, a regulatory sandbox made for India cannot be
tailored in a manner similar to one in Hong Kong or in the United Kingdom, simply
because it must stay cognizant of the Indian reality. It needs to cater to the nuances of
the Indian market.

First, regulatory sandbox should priortize businesses that innovate to address the
needs of under-served customers such as rural households, women, blue-collared
workers, self-employed and senior citizens. This would help achieve one of its stated
benefits of improving financial inclusion.

Second, it should enable better co-ordination between RBI, the Insurance Regulatory
and Development Authority of India (IRDAI) and the Securities and Exchange Board
of India (SEBI) to avoid duplication of processes for bundled solutions that combine
savings, insurance and credit into a package. Many new products in the financial
services domain straddle multiple financial regulators and may not be restricted by
product silos. In the ‘farmer’ example above, the app combines multiple products
covered by different regulators under a single platform for the user. Common
distribution regulations across different products based on distributor and not products
would help in improving customer experience and compliance.

12 Smita Aggarwal, Opinion: How Regulatory Sandbox Can Be Tailored to the Indian Context
<available at: https://www.livemint.com/money/personal-finance/opinion-how-regulatory-sandbox-
can-be-tailored-to-the-indian-context-1557219514209.html>.

Third, it should use the voice of the consumers as an input into policy making.
Regulatory sandbox provides an opportunity to the regulator to access the response
and feedback of actual consumers to new products and services. This input could
vastly enhance the quality of customer-centric regulations and help build appropriate
consumer protection safeguards into new products and services.13

Additionally, some market analysts question the need for a regulatory sandbox in the
first place. Hence, before moving on to the next part and understanding how
regulatory sandboxes function, it is important to understand just why regulators,
companies, customers and fintechs need a regulatory sandbox in the first place. A
primary aim of a sandbox is to align compliance and regulation with the rapid growth
of Fintech companies without drowning them in rules, but at the same time, without
compromising on customer security. 14

Another goal is to attract the attention of different players like banks, private equity
and venture capital funds in the hopes of securing investment. Regulatory uncertainty
discourages investment. Investors are hesitant to invest in a company that is working
in an unregulated landscape as regulatory bodies can swoop in at any time and deem
its operations illegal, either forcing it to drastically change the business to comply or
shut it down.15

Similarly, investors don’t necessarily want to invest in an overregulated market either.
We’ve mentioned that overregulation can hinder innovation, affecting a company’s
growth rate and ability to achieve a worthwhile return on investment.

Fintech startups participating in regulatory sandbox initiatives can, therefore,
potentially convince investors, who previously have been hesitant to invest, that they
are working on both their regulatory obligations as well as their product or service

13 Smita Aggarwal, Opinion: How Regulatory Sandbox Can Be Tailored to the Indian Context
<available at: https://www.livemint.com/money/personal-finance/opinion-how-regulatory-sandbox-
can-be-tailored-to-the-indian-context-1557219514209.html>.
14 Fin Extra, The Role of Regulatory Sandboxes in FinTech Innovation, <available at:
https://www.finextra.com/blogposting/15759/the-role-of-regulatory-sandboxes-in-fintech-innovation>.
15 Pratik Bhakta, Regulatory Sandbox Will Help FinTech disrupt without fears, Economic Times
Online <available at: https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/regulatory-
sandbox-will-help-fintech-disrupt-without-fears/articleshow/68983910.cms?from=mdr>.

innovations. Regulatory sandboxes benefit customers, Fintech startups (innovators),
regulators and investors.16

Companies get the opportunity to work with regulators while testing their products in
a live market. Regulators, on the other hand, can develop more appropriate regulatory
policies through greater visibility into new innovations. Customers get better
protection, firstly because company products are tested in a controlled environment
before official rollouts, and secondly, because regulatory bodies are able to implement
more focused policies.17

Finally, banks and other investment funds are afforded more confidence in an entity’s
ability to comply with regulation while still being able to develop truly disruptive
products and services.

7.2. How Regulatory Sandboxes Work

Although, a regulatory sandbox as a concept is something that is constantly evolving,
a distinct feature is that it seeks to facilitate the necessary dialogue between market
participants and regulators to come up with regulations that strike the ideal balance
between fostering innovation and negating emerging risks. The points of difference
between models generally relate to the eligibility criteria, safeguards and testing
requirements, organizational structure, and operational details (such as rolling testing
v cohort testing).18 Regulatory Sandboxes allow regulators the opportunity to be well
placed to adapt local regulations, or recommend such adaptations to lawmakers, to
better suit the evolving financial services landscape.19 Importantly, it is the regulators
that set the rules for the sandboxes, allowing them to apply safeguards and controls
with a view to ensuring that consumers and financial stability are properly protected.

16 Fin Extra, The Role of Regulatory Sandboxes in FinTech Innovation, <available at:
https://www.finextra.com/blogposting/15759/the-role-of-regulatory-sandboxes-in-fintech-innovation>.
17 Fin Extra, The Role of Regulatory Sandboxes in FinTech Innovation, <available at:
https://www.finextra.com/blogposting/15759/the-role-of-regulatory-sandboxes-in-fintech-innovation>.
18 United Nations Secretary General’s Special Advocate or Inclusive Finance for Development
(UNSGSA), Briefing on Regulatory Sandboxes<available at:
https://www.unsgsa.org/files/1915/3141/8033/Sandbox.pdf>.
19 United Nations Secretary General’s Special Advocate or Inclusive Finance for Development
(UNSGSA) and the Markets Authority of Singapore (MAS),Early Lessons on Regulatory Innovations
to Enable Inclusive FinTech: Innovation Offices, Regulatory Sandboxes and RegTech<available at:
https://www.unsgsa.org/files/3515/5007/5518/UNSGSA_Report_2019_Final-compressed.pdf>.

Specific restrictions to ensure risk is not transferred from companies to consumers
will depend on the type of product, business model and technologies being leveraged.
For example, if the test involves selling insurance via a mobile app, the regulator may
decide to limit the test to basic insurance (such as travel insurance), rather than allow
more complex insurance products (such as life insurance). Similarly, for an
investment product, regulators may require firms to stay away from testing complex
investment instruments and set thresholds for total assets under management per
client.20

7.3. Regulatory Sandboxes in Asia Pacific

Each sandbox is different, with varying rules and eligibility criteria. In Hong Kong,
for example, until recently, the only sandbox was operated by the Hong Kong
Monetary Authority (HKMA) and participation was limited to “authorized
institutions” (banks and deposit takers already regulated by the HKMA). This meant
that fintech start-ups needed to partner with an “authorized institution” in order to
gain access to the sandbox. Meanwhile, Hong Kong’s securities and insurance
regulators, the Securities and Futures Commission (SFC) and the Insurance Authority
(IA), opted not to establish sandboxes, preferring instead to open fintech “contact
points” through which fintech start-ups could engage informally with the regulators.

In Australia, companies are permitted to carry on certain activities within the sandbox
operated by the Australian Securities and Investments Commission (ASIC) without
any specific regulatory licence or authorization, instead relying on a “fintech licensing
exemption”. Australia also allows more open access to its sandbox compared to other
sandboxes in the Asia-Pacific – companies do not need to apply to ASIC to
participate, and only need to notify ASIC that they intend to operate under the fintech
licensing exemption.

In Southeast Asia, the Monetary Authority of Singapore (MAS) has led the way in
developing the most sophisticated sandbox in that region, consistent with the
Singapore government’s ambition for the city-state to be a global centre for fintech

20 Ernst and Young, The Emergence and Impact of Regulatory Sandboxes in the UK and Across APAC
<available at: https://www.ey.com/Publication/vwLUAssets/ey-the-emergence-and-impact-of-
regulatory-sandboxes-in-uk-and-across-apac/$FILE/ey-the-emergence-and-impact-of-regulatory-
sandboxes-in-uk-and-across-apac.pdf>.

innovation. Most recently, the MAS has suggested that so-called initial coin offerings
(ICOs) could be “ring-fenced” using a sandbox, in order to keep tighter checks on this
innovative but controversial method of financing.21

The following table will ideally provide more insight as to the regulatory sandboxes
adopted by regulators in various jurisdictions in the Asia Pacific region22:

Jurisdiction Date of Target Firms Key Benefits Extended
upon acceptance into
and Regulatory Launch Regulatory Sandbox

Authority

Hong Kong November “Authorised Under the original version

(Hong Kong 2017 (for Institutions” (banks of the sandbox, some of

Monetary F.S.S 2.0) and deposit-taking the usual regulatory

Authority) Original/Old companies that are standards could be relaxed,
Version had on a case-by-case basis
been passed in regulated by the (e.g. security-related
2016 requirements for electronic
HKMA) and banking services).

Fintech/tech

companies

collaborating with
those institutions The new features (under

the FSS 2.0) will include:

1) A virtual “Fintech

supervisory

chatroom”, aimed

to provide quick

responses to

questions

2) Tech firms may

have direct access

21 Simon Hawkins, Fair Play in the Sandbox, VantageAsia<available at:
Sandbox, VantageAsia<available at:
https://www.vantageasia.com/fair-play-in-the-sandbox/>.
22 Simon Hawkins, Fair Play in the
https://www.vantageasia.com/fair-play-in-the-sandbox/>.

to FSS 2.0 by

seeking feedback

from the chatroom

without having to

rely on an

authorised

institution’s

participation in the

sandbox

3) Linking the FSS

2.0 with sandboxes

run by the other

Hong Kong

regulators (i.e. the

SFC and the IA) so

that there will be a

single point of

entry for pilot trials

of cross-sector

Fintech products

Hong Kong September Open to existing Provides a confined

(Securities 2017 SFC-licensed regulatory environment for

&Finance corporations (e.g., firms to operate regulated

Commission of investment firms, activities under the SFO

Hong Kong) broker dealers, before deploying their

asset managers) Fintech activities on a

and start-up firms greater scale.

that intend to carry

on a regulated

activity under the Firms may, through close
dialogue with and
Securities and supervision by the SFC,

Futures Ordinance

(Hong Kong readily identify and

Securities and address risks or concerns

Futures Ordinance) relevant to their regulated

activities.

Hong Kong (The September Available to Insurers testing new
Hong Kong 2017
Insurance authorised insurers insurtech initiatives in the
Authority)
(general business sandbox can gain real

and life insurers) in market data and

Hong Kong who information about user

intend to launch experiences in a controlled

insurtech environment.

products/services The IA may relax certain
supervisory requirements
(i.e., the on a case-by-case basis.

development and

application of

technology in the

insurance industry)

and other

technology

initiatives.

Singapore November All financial Usual regulatory standards
(Monetary 2016
Authority of institutions (banks, may be relaxed, on a case-
Singapore)
securities/futures by-case basis. For

intermediaries, example, those relating to:

insurers, asset

managers) and

Fintech firms 1) Asset maintenance

2) Board composition

3) Cash balances

4) Credit rating

5) Financial

soundness

6) Solvency and

capital adequacy

requirements

7) Management

experience

8) MAS Guidelines,

such as technology

risk management

and outsourcing

Malaysia October 2016 Financial Review and adaptation of

(Securities institutions (banks, regulatory requirements or

Commission of securities/futures procedures that may

Malaysia) intermediaries, unintentionally inhibit

insurers, asset innovation

managers)

Fintech companies
collaborating with
financial
institutions

Fintech companies
intending to carry
on a regulated
business in the
future

Thailand (Bank December The sandbox is Participants in the sandbox
of Thailand and 2016
the Securities open to: may test their financial
and Exchange
Commission) Financial products or services in a

institutions that are live, but limited

licensed in environment, without

Thailand (and their being fully subject to all

group companies licensing/ supervision

that conduct requirements that normally

financial business). would be applicable

Non-financial
institutions which
fall under the
supervision of the
Bank of Thailand
(e.g., non-deposit-
taking businesses,
like consumer
finance)

Fintech firms

Technology firms

The Fintech
initiatives proposed
by sandbox
applicants must
relate to:

Lending

Payments and fund
transfers

Other financial
transactions that
have similar
characteristics to
loans, payments
and fund transfers

South Korea August 2016 Robo-advisors The ‘Test Bed’ allows
(The Financial
Services The “Robo Advisor robo-advisory platforms to
Commission) Test Bed Center” is
hosted by Koscom test whether their product
Corporation (a
subsidiary of the is suitable for use by the
Korea Exchange)
investing public.

Applicants in the ‘Test

Bed’ are subject to a three-

stage examination, which

lasts around seven months,

before they are formally

assessed for approval to

commercialise their

technology.

Australia December Fintech businesses Fintech licensing

(Australian 2016 seeking to test exemption for 12 months

Securities and products and (extended to 24 months via

Investments services before n updated guideline in

Commission) they obtain an 2018).

Australian financial

services licence or

Australian credit Waiver or rule

licence modifications.

In 2018, the types of

products that can be tested

in the sandbox have been

expanded significantly

(e.g., to include certain life

insurance and

superannuation products)

7.4. UK’s FCA – 1st Regulatory Sandbox

The FCA was the first regulatory authority to launch a regulatory sandbox in 2015.
With the mandate of promoting effective competition in the interests of consumers in
mind, the FCA launched the sandbox to reduce the time & cost to bring innovative
ideas to the market.

Another reason for FCA to launch the regulatory sandbox was to try and safeguard
the position of the UK as a FinTech hub. In order for a FinTech company to be
involved in the regulatory sandbox, there are certain conditions that a FinTech must
meet. It must prove that the product is a genuine innovation which offers an
identifiable benefit to the consumers. FinTech involved in the regulatory sandbox are
provided certain benefits that others do not, such as a restricted authorization to
operate. Any operational products of a FinTech company require prior approval from
the FCA. Sandbox firms also receive individual guidance on rules and regulations or a
waiver or modification to existing rules, if concerned product breaches FCA rules.
However, the waiver is only granted only in cases where the FCA is convinced that
the rule is not achieving its stipulated purpose or is unnecessarily burdensome. The
biggest advantage of being accepted into the sandbox is the award of a ‘No
Enforcement Action Letter’ provided to firms. It essentially safeguards firms from
disciplinary actions arising out of unexpected issues – provided that the FinTech firm

has adhered to the testing parameters and is treating the customers fairly.23 For firms,
a sandbox is an ideal working environment. Working closely with the FCA appears to
give firms a greater degree of legitimacy with customers and investors alike. Having
the opportunity to discuss details of innovative compliance approaches with the FCA,
also gives firms increased confidence in their strategic plans, especially if these
include applying for full authorisation upon exiting the sandbox. And, when a firm
chooses to apply for full authorisation, its experience in the sandbox tends to make the
process quicker and smoother. Start-ups wishing to provide services for other
regulated firms find that their experience in working closely with the FCA gives them
a much deeper appreciation of the regulatory environment in which their prospective
clients operate.24

Over the course of understanding the FCA’s Sandbox for FinTech, we will look at
four key elements of the regulatory sandbox- Firstly, the application process for
FinTechs; followed by the authorisation; third, the ‘testing’ stage for the FinTechs
accepted as a part of the sandbox; followed by the final component, the ‘exit’ from
the sandbox.

The first step a firm needs to take to start its sandbox journey is to submit an
application which sets out its business plan and describes how it meets the sandbox’s
eligibility criteria. As part of the review process, the FCA will, if necessary, contact
firms to obtain clarification or further information before making a decision on their
applications. Once accepted, firms are normally given between three and six months
in the sandbox.

Once firms are accepted, they have to complete all the paperwork and set up the
capabilities to obtain the necessary authorisation(s) – typically with restrictions such
as the number of customers or the volume of transactions. To ease the process, the
FCA generally appoints one of its members as the FCA Case-Officer who is tasked as
being the intermediary and coordinator between the firm trying to secure authorisation
and the FCA.

23 Duke University, FinTech Law and Policy Course, COURSERA.
24 Deloitte and EMEA, A Journey Through the FCA Regulatory Sandbox: The Benefits, Challenges and
the Next Steps, <available at: https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/financial-
services/deloitte-uk-fca-regulatory-sandbox-project-innovate-finance-journey.pdf>.

Once firms have received the required authorisation, they can start testing. However,
it is important to recognise that there can be a significant lead time between being
accepted into the sandbox and the start of any testing. In many cases, it might take a
few months to obtain the necessary authorisation(s). And, even after a firm is
authorised, mobilising capabilities for testing can be time consuming – specifically
customer acquisition and opening a business bank account have proven to be common
challenges for new entrants. With respect to customer acquisition, firms testing in the
sandbox are responsible for identifying real customers to perform their tests with.
Start-ups with few or no customers (and sometimes limited marketing budgets) tend
to find this a bigger challenge than more established firms with an existing client
base.25 When appropriate, partnership with other firms can be helpful in overcoming
this obstacle. While the number of tests and their criteria must be agreed with the
FCA at the outset, firms are given a significant degree of freedom in designing their
own test plans. Firms are also largely free to choose the Key Performance Indicators
(KPIs) used to assess the performance of the test(s). The KPIs (e.g. customer adoption
rates or ease of customer journey) are normally intended to measure the business
objectives, rather than fulfilment of regulatory requirements.26 Provided the necessary
consumer safeguards are in place, the FCA has been normally very flexible and
willing to consider small amendments to both testing plans and KPIs if required.27

Following the completion of their tests, or the end of the agreed testing period, firms
need to transition out of the sandbox. As part of the testing plans, firms will have
agreed customer safeguards and exit plans to implement upon the test completion. As
a final step, firms need to submit a report to the FCA detailing the outcome of the
performed test(s) and next steps. Transitioning out can take many forms depending on
how the firm chooses to proceed. Firms looking to continue the tested business model

25 Deloitte and EMEA, A Journey Through the FCA Regulatory Sandbox: The Benefits, Challenges and

the Next Steps, <available at: https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/financial-

services/deloitte-uk-fca-regulatory-sandbox-project-innovate-finance-journey.pdf>.
26 European Securities & Markets Authority, European Banking Authority and European Insurance and

Occupational Persons Authority, Report on FinTech: Regulatory Sandboxes and Innovation Hubs,

<available at:

https://eba.europa.eu/documents/10180/2545547/JC+2018+74+Joint+Report+on+Regulatory+Sandbox

es+and+Innovation+Hubs.pdf>.
27 European Securities & Markets Authority, European Banking Authority and European Insurance and

Occupational Persons Authority, Report on FinTech: Regulatory Sandboxes and Innovation Hubs,

<available at:

https://eba.europa.eu/documents/10180/2545547/JC+2018+74+Joint+Report+on+Regulatory+Sandbox

es+and+Innovation+Hubs.pdf>.

have to apply for a “variation of permission” to lift the restrictions imposed during the
test. While the majority of firms choose to do so, other options include, upon getting
appropriate legal advice, agreeing with the FCA that authorisation is not required, or
reconsidering their business model and regulatory position.28

28 Deloitte and EMEA, A Journey Through the FCA Regulatory Sandbox: The Benefits, Challenges and
the Next Steps, <available at: https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/financial-
services/deloitte-uk-fca-regulatory-sandbox-project-innovate-finance-journey.pdf>.